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In the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1.-36. (Canceled) 

37. (Currently Amended) Apparatus for mediating in management orders 
between a plurality of origin managers managing devices and a plurality of managed 
devices in a telecommunications system, the management orders intended to execute 
management operations over the managed devices, comprising: 

a communication receiver component arranged to receive a management order 
from an orig i n manag e r one of the origin managing devices : 

a management verifier component arranged to determine whether the received 
management order is an allowed management order by checking whether the 
management order fits an access attribute comprised in a management access 
template, the management access template being one selected from the group 
consisting of: a first management access template in relationship with an identifier of the 
origin manag e r origin managing device : a second management access template in 
relationship with an identifier of a managed data object affected by the management 
order; and a third management access template in relationship with an identifier of a 
managed device affected by the management order; and 

a communication sender component arranged to send an allowed management 
order to a managed device. 

38. (Previously Presented) The apparatus of claim 37, wherein the first 
management access template further comprises at least one access attribute selected 
from the group consisting of: an identifier of an allowed management operation; an 
identifier of an allowed managed data object; a pattern structure of the managed data 
object; an identifier of an allowed managed device; an identifier of an allowed 
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management operation over an allowed managed device; and an identifier of an 
allowed management operation over an allowed managed data object. 

39. (Currently Amended) The apparatus of claim 37, wherein the second 
management access template further comprises at least one access attribute selected 
from the group consisting of: a pattern structure of the managed data object; an 
identifier of an allowed management operation; an identifier of a managed device 
holding the managed data object; an identifier of an allowed origin managor origin 
managing device : an identifier of an allowed management operation from an allowed 
or i gin manag o r origin managing device : and an identifier of an allowed management 
operation over a holding managed device. 

40. (Currently Amended) The apparatus of claim 37, wherein the third 
management access template comprises at least one access attribute selected from the 
group consisting of: an identifier of an allowed management operation; an identifier of a 
managed data object held on the managed device; an identifier of an allowed or i g i n 
manag e r origin managing device ; an identifier of an allowed management operation 
from an allowed origin managor origin managing device ; and an identifier of an allowed 
management operation over a held managed data object. 

41. (Previously Presented) The apparatus of claim 37, wherein the 
management verifier component is arranged to determine, from the identifier of a 
management operation, at least one identifier, the identifier being one selected from the 
group consisting of: an identifier of a managed data object affected by the operation; 
and an identifier of a managed device, affected by the operation. 

42. (Previously Presented) The apparatus of claim 37, wherein the 
management verifier component is arranged to select a management access template, 
among the first, second, and third management templates, according to an identifier 
received in a management order. 
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43. (Previously Presented) The apparatus of claim 42, wherein the 
management verifier component is arranged to select a management access template, 
among the first, second, and third management templates, according to an access 
attribute comprised in another selected management access template. 

44. (Currently Amended) The apparatus of claim 42, wherein the identifier of 
the orig i n manag e r origin managing device comprises at least one identifier selected 
from the group consisting of: an identifier of a management server sending a 
management order; and an identifier of a user operating the management server; and 

wherein the management verifier component is arranged to select the first 
management access template according to the at least one identifier. 

45. (Currently Amended) The apparatus of claim 42, wherein the identifier of 
the orig i n managor origin managing device comprises at least one identifier selected 
from the group consisting of: an identifier of a management server sending a 
management order; and an identifier of a user operating the management server; and 
wherein the management verifier component is arranged to authenticate the at least 
one identifier. 

46. (Previously Presented) The apparatus of claim 42, wherein the 
management verifier component is arranged to determine a management role 
associated to at least one identifier, the identifier being one selected from the group 
consisting of: an identifier of a management server sending a management order; and 
an identifier of a user operating the management server. 

47. (Previously Presented) The apparatus of claim 46, wherein the 
management verifier component is further arranged to select at least one management 
access template in relationship with the role. 
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48. (Previously Presented) The apparatus of claim 46, wherein at least one 
management access template among the second or third management templates 
comprises an identifier (ROm) of at least one role as an access attribute, and wherein 
the Management Verifier Component is further arranged to check whether the 
management order fits with the role. 

49. (Previously Presented) The apparatus of claim 37, wherein the 
management verifier component is arranged to determine whether a managed data 
object affected by an allowed management order is an access attribute in a 
management access template, and further comprising a management execution 
component, arranged to execute a management operation over the access attribute. 

50. (Currently Amended) The apparatus of claim 37, wherein the 
communication receiver component is further arranged to receive an access request 

wherein the management verifier component is further arranged to determine the 
first management access template; and 

wherein the communication sender component is further arranged to send an 
access response to the or i g i n manag e r origin managing device that comprises an 
access attribute of the management access template. 

51. (Currently Amended) In a telecommunications system, a method for 
mediating in the management of a plurality of devices from a plurality of origin 
managors origin managing devices , comprising the steps of: 

receiving a management order from an origin manag e r one of the origin 
managing devices in the managed device; 

executing a management operation requested by the management order in the 
managed device; 

the step of receiving a management order comprising the further steps of: 
receiving a management order in a centralized management mediator; 
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checking in the centralized management mediator whether the management 
order fits an access attribute comprised in a management access template so to 
determine whether a received management order is an allowed management order, the 
management access template being one selected from the group consisting of: a first 
management access template in relationship with an identifier of the or i g i n man a g e r 
origin managing device : a second management access template in relationship with an 
identifier of a managed data object affected by the management order; and a third 
management access template in relationship with an identifier of a managed device 
affected by the management order; and 

granting the management order to be sent to a managed device if it is an allowed 
management order. 

52. (Previously Presented) The method of claim 51, wherein the step of 
checking the management order comprises the further step of determining, from the 
identifier of a management operation, at least one identifier selected from the group 
consisting of: an identifier of a managed data object affected by the operation; and an 
identifier of a managed device, affected by the operation. 

53. (Previously Presented) The method of claim 52, wherein the step of 
checking the management order comprises the further step of selecting a management 
access template, among the first, second, and third management templates, according 
to an identifier received in a management order. 

54. (Previously Presented) The method of claim 53, wherein the step of 
checking the management order comprises the further step of selecting a management 
access template, among the first, second, and third management templates, according 
to an access attribute comprised in another selected management access template. 

55. (Currently Amended) The method of claim 53, wherein the identifier of the 
origin manag e r origin managing device comprises at least one identifier among: an 
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identifier of a management server sending a management order; an identifier of a user 
operating the management server; and 

wherein the step of selecting a management access template comprises the 
further step of selecting the first management access template according to the at least 
one identifier. 

56. (Currently Amended) The method of claim 53, wherein the identifier of the 
or i gin manager origin managing device comprises at least one identifier selected from: 
an identifier of a management server sending a management order; and an identifier of 
a user operating the management server; and 

wherein the step of checking the management order comprises the further step 
of authenticating the at least one identifier. 

57. (Previously Presented) The method of claim 53, wherein the step of 
checking the management order comprises the further step of determining a 
management role associated to at least one identifier selected from: an identifier of a 
management server sending a management order; and an identifier of a user operating 
the management server. 

58. (Previously Presented) The method of claim 57, wherein the step of 
checking the management order comprises the further step of selecting a management 
access template in relationship with the role. 

59. (Previously Presented) The method of claim 57, wherein at least one 
management access template among the second or third management templates 
comprises an identifier (ROm) of at least one role as an access attribute, and wherein 
the step of checking the management order comprises the further step of checking 
whether the management order fits with the role. 
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60. (Previously Presented) The method of claim 51, wherein the step of 
checking the management order comprises the further step of checking whether a 
managed data object affected by an allowed management order is an access attribute 
in a management access template; and wherein the step of granting the management 
order comprises the further step of executing a management operation over the access 
attribute. 

61 . (Currently Amended) The method of claim 51 , comprising the further steps 

of: 

receiving an access request from an origin manager the origin managing device : 
determining the first management access template; and 
sending an access response to the orig i n manager origin managing device that 
comprises an access attribute of the management access template. 

62. (Currently Amended) A computer program stored on a data storage in a 
computer-based apparatus for mediating management orders between a plurality of 
origin manag e r s origin managing devices and a plurality of managed devices in a 
telecommunications system, the management orders intended to execute management 
operations over the managed devices, comprising: 

a computer-readable program having code adapted to cause a computer-based 
apparatus to process the reception of a management order from an origin manag e r one 
of the origin managing devices : 

the computer-readable program having code adapted to cause the computer- 
based apparatus to determine whether a received management order is an allowed 
management order by checking whether the management order fits an access attribute 
in a management access template, the management access template being one 
selected from the group consisting of: a first management access template in 
relationship with an identifier of the origin manager origin managing device : a second 
management access template in relationship with an identifier of a managed data object 
affected by the management order; and a third management access template in 
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relationship with an identifier of a managed device affected by the management order, 
and 

the computer-readable program having code adapted to cause the computer- 
based apparatus to send an allowed management order to a managed device. 

63. (Previously Presented) The computer program of claim 62, further 
comprising the computer-readable program having code adapted to cause the 
computer-based apparatus to determine, from the identifier of a management operation, 
at least one identifier selected from: an identifier of a managed data object affected by 
the operation; and an identifier of a managed device, affected by the operation. 

64. (Previously Presented) The computer program of claim 62, further 
comprising the computer-readable program having code adapted to cause the 
computer-based apparatus to select a management access template, among the first, 
second, and third management templates, according to an identifier received in a 
management order. 

65. (Previously Presented) The computer program of claim 64, further 
comprising the computer-readable program having code adapted to cause the 
computer-based apparatus to select a management access template, among the first, 
second, and third management templates, according to an access attribute comprised 
in another selected management access template. 

66. (Currently Amended) The computer program of claim 64, wherein the 
identifier of the or i g i n m a nag e r origin managing device comprises at least one identifier 
among: an identifier of a management server sending a management order; an identifier 
of a user operating the management server; and 

the computer-readable program having code adapted to cause the computer- 
based apparatus to select the first management access template according to the at 
least one identifier. 
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67. (Currently Amended) The computer program of claim 64, wherein the 
identifier of the or i gin manag e r origin managing device comprises at least one identifier 
selected from among: an identifier of a management server sending a management 
order; an identifier of a user operating the management server; and 

wherein the computer-readable program has code adapted to cause the 
computer-based apparatus to authenticate the at least one identifier. 

68. (Previously Presented) The computer program of claim 64, further 
comprising the computer-readable program having code adapted to cause the 
computer-based apparatus to determine a management role associated to at least one 
identifier selected from: an identifier of a management server sending a management 
order; and an identifier of a user operating the management server. 

69. (Previously Presented) The computer program of claim 68, further 
comprising the computer-readable program having code adapted to cause the 
computer-based apparatus to select at least one management access template in 
relationship with the role. 

70. (Previously Presented) The computer program of claim 68, wherein at 
least one management access template among the second or third management 
templates comprises an identifier (ROm) of at least one role as an access attribute, and 
further comprising a computer-readable program code for causing the computer-based 
apparatus to check whether the management order fits with the role. 

71. (Previously Presented) The computer program of claim 62, further 
comprising the computer-readable program having code adapted to cause the 
computer-based apparatus to determine whether a managed data object affected by an 
allowed management order is an access attribute in a management access template, 
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and a computer-readable program code for causing the computer-based apparatus to 
execute a management operation over the access attribute. 

72. (Currently Amended) The computer program of claim 62, further 
comprising: 

the computer-readable program having code adapted to cause the computer- 
based apparatus to process the reception of an access request from an origin manager 



the computer-readable program having code adapted to cause the computer- 
based apparatus to determine the first management access template, and 

the computer-readable program having code adapted to cause the computer- 



device that comprises an access attribute of the management access template. 




based apparatus to send an access response to the 



origin managing 
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